Identify – the first step, which helps organizations understand their own environment: business context, resources and related cybersecurity risks. With that understanding, the organization is able to manage cybersecurity risk to systems, assets, data, and capabilities.
Identify categories include:
‣ Asset Management – includes devices, systems, software assets, data flows, users, communication within the organization, external information systems, prioritized resources and roles, and the definition of cybersecurity roles and responsibilities that support business processes; these items are then managed according to their importance.
‣ Business Environment – includes the organization’s role in its supply chains and industry sector, business mission, objectives, dependencies on critical resources, and resilience and requirements to support the delivery. This information informs cybersecurity roles, responsibilities, and risk management decisions.
‣ Governance – understanding legal and regulatory requirements, governance and risk processes, and the organization’s cybersecurity policy, roles and responsibilities.
‣ Risk Assessment – understanding risks that could impact organizational operations, organizational assets and individuals.
‣ Risk Management Strategy – identifying the organization’s priorities, challenges, risk tolerances and assumptions to support operational risk decisions.
‣ Supply Chain Risk Management – priorities, risk tolerances, assumptions and constraints used to support risk decisions associated with managing supply chain risks.